Admin

Configure and operate identity, policy, and access controls for your Keycard deployment.

Admin is where teams configure and operate Keycard: identity, resource catalogs, access policy, roles, SSO, audit, deployment, and billing. It turns agent access from an ad hoc approval process into rules that enforce themselves.

With Admin, you can:

Write permit/forbid policies that evaluate every request, with safe rollback to any previous version
Bring your own IdP so users authenticate through Okta, Auth0, or Google
Assign roles scoped to the organization or individual zones
Add Gmail, GitHub, Slack, and other APIs from the Resource Catalog
Install pre-configured MCP servers from the MCP Catalog, protected by your zone’s identity and policy layer
Gate administrative access behind your corporate SSO

Get Started

GET STARTED

Set up your identity provider, from app creation to first login.

Use Okta for Sign InCreate an Okta application and configure it as a provider in your Keycard zone

Use Auth0 for Sign InCreate an Auth0 application and configure it as a provider in your Keycard zone

Configuration

CONFIGURATION

Each admin area with setup steps and examples.

Access PoliciesIndividual permit/forbid rules and policy sets that control access across a zone

Identity ProvidersConnect your own OAuth 2.0 IdP for zone-level user authentication

Zone AuthenticationConfiguring zone authentication, inviting users, sign up, and troubleshooting

Roles & PermissionsOrganization and zone roles that control who can manage settings and resources

Single Sign-OnOIDC-based SSO for your team’s access to Keycard Console, with JIT provisioning

Resource CatalogPre-configured integrations for Gmail, GitHub, Slack, and more, ready to add to your zone

MCP CatalogInstall pre-configured MCP servers into Cursor, Claude Code, or any MCP client, protected by the Keycard MCP Gateway

API Reference Terraform